Use CanCanCan for redaction authorizations

app/abilities/ability.rb

@@ -8,6 +8,7 @@ class Ability
     can [:index, :rss, :show, :comments], DiaryEntry
     can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
          :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
+    can [:index, :show], Redaction
     can [:index, :show, :blocks_on, :blocks_by], UserBlock
 
     if user
@@ -19,6 +20,7 @@ class Ability
       if user.moderator?
         can [:index, :show, :resolve, :ignore, :reopen], Issue
         can :create, IssueComment
+        can [:new, :create, :edit, :update, :destroy], Redaction
         can [:new, :edit, :create, :update, :revoke], UserBlock
       end
 

app/controllers/redactions_controller.rb

@@ -3,8 +3,9 @@ class RedactionsController < ApplicationController
 
   before_action :authorize_web
   before_action :set_locale
-  before_action :require_user, :only => [:new, :create, :edit, :update, :destroy]
-  before_action :require_moderator, :only => [:new, :create, :edit, :update, :destroy]
+
+  authorize_resource
+
   before_action :lookup_redaction, :only => [:show, :edit, :update, :destroy]
   before_action :check_database_readable
   before_action :check_database_writable, :only => [:create, :update, :destroy]

test/controllers/redactions_controller_test.rb

@@ -64,8 +64,7 @@ class RedactionsControllerTest < ActionController::TestCase
     session[:user] = create(:user).id
 
     get :new
-    assert_response :redirect
-    assert_redirected_to redactions_path
+    assert_response :forbidden
   end
 
   def test_create_moderator
@@ -141,8 +140,7 @@ class RedactionsControllerTest < ActionController::TestCase
     session[:user] = create(:user).id
 
     get :edit, :params => { :id => create(:redaction).id }
-    assert_response :redirect
-    assert_redirected_to(redactions_path)
+    assert_response :forbidden
   end
 
   def test_update_moderator